package com.hk.aefz.shiro;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.hk.aefz.po.Account;
import com.hk.aefz.po.UserInfo;
import com.hk.aefz.service.AccountService;
import com.hk.aefz.service.UserInfoService;
import com.hk.aefz.web.AccountController;
import com.hk.aefz.web.UserInfoController;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Set;

/**
 * 自定义UserRealm
 */
public class UserRealm extends AuthorizingRealm {

//    注入AccountController
    @Autowired
    private AccountController accountController;

    @Autowired
    private UserInfoService userInfoService;

    @Autowired
    private AccountService accountService;

//    授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.err.println("执行了授权.........");
//        1. 通过principals获取认证过得用户信息
        Account account = (Account) principals.getPrimaryPrincipal();
//        2. 创建SimpleAuthorizationInfo对象
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//        获取当前用户角色及权限
        Set<String> roles  = accountService.selectByAid(account.getAid());
//        3. 授权
        info.addRoles(roles);
        return info;
    }

//    认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.err.println("执行了认证...........");
//        获取当前登录账户
        UsernamePasswordToken accountToken = (UsernamePasswordToken) token;
        String username = accountToken.getUsername(); // 获取当前账号
//        连接数据库进行登录验证
        Account account = accountController.selectByName(username);
        if (account == null) {
            return null; //抛出 UnknownAccountException 异常
        }
        /**
         * 1、获取当前用户信息
         * 2、保存当前登录用户信息到Session中
         */
        QueryWrapper<UserInfo> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("aid",account.getAid());
        UserInfo userInfo = userInfoService.getOne(queryWrapper);
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute("user",userInfo);
        //        将获取到的账户id存入session中，提供后期博客发布
        session.setAttribute("aid",account.getAid());
//         密码认证 shiro做 存在泄密 MD5加密 比较安全
//        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(account, account.getApassword(), account.getAaccount());
//        存在泄密 MD5盐值加密 几乎安全 一般确保唯一性，使用账户作为盐
        ByteSource credentialsSalt = ByteSource.Util.bytes(username);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(account, account.getApassword(), credentialsSalt,userInfo.getUname());
        return info;
    }

}

